lib/authoreyes/parser/priveleges_reader.rb
module Authoreyes
module Parser
# The PrivilegeReader handles the part of the authorization DSL in
# a +privileges+ block. Here, privilege hierarchies are defined.
class PrivilegesReader
# TODO: handle privileges with separated context
attr_reader :privileges, :privilege_hierarchy # :nodoc:
def initialize # :nodoc:
@current_privelege = nil
@current_context = nil
@privileges = []
# {priv => [[priv,ctx], ...]}
@privilege_hierarchy = {}
end
def initialize_copy(from) # :nodoc:
@privileges = from.privileges.clone
@privilege_hierarchy = from.privilege_hierarchy.clone
end
def append_privilege(priv) # :nodoc:
@privileges << priv unless @privileges.include?(priv)
end
# Defines part of a privilege hierarchy. For the given +privilege+,
# included privileges may be defined in the block (through includes)
# or as option :+includes+. If the optional context is given,
# the privilege hierarchy is limited to that context.
#
def privilege(privilege, context = nil, options = {}, &block)
if context.is_a?(Hash)
options = context
context = nil
end
@current_privelege = privilege
@current_context = context
append_privilege privilege
instance_eval(&block) if block
includes(*options[:includes]) if options[:includes]
ensure
@current_privelege = nil
@current_context = nil
end
# Specifies +privileges+ that are to be assigned as lower ones. Only to
# be used inside a privilege block.
def includes(*privileges)
raise DSLError,
'includes only in privilege block' if @current_privelege.nil?
privileges.each do |priv|
append_privilege priv
@privilege_hierarchy[@current_privelege] ||= []
@privilege_hierarchy[@current_privelege] << [priv, @current_context]
end
end
end
end
end